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AMENDMENTS TO THE SPECIFICATION 
Please replace paragraph [0010] with the following amended paragraph: 
[0010] A first module (e.g., a token service or a module that hosts a resource) provides an 
indication (e.g., an electronic message including a challenge or policy information) that one more 
measurable aspects of a second module are to be verified. The second module accesses the 
indication (e.g., from the electronic message or from storage) and formulates an assertion that 
that can be used to verify that the second module is configured in accordance with the one or 
more measurable aspects (e.g., that the second module has a specified configuration). 
Measurable aspects can include, for example, program identity and execution environment. The 
second module sends the formulated assertion for verification. The first module receives the 
assertion and verifies the assertion. As appropriate, when measurable aspects of the second 
module are verified, the second module is allowed to access a resource of the first module or the 
first module accepts subsequent challenges from the second module. 

Please replace paragraph [0035] with the following amended paragraph: 
[0035] Figure 1 illustrates an example of an architecture 100 that facilitates determining that a 
requester is appropriately configured for accessing a resource of a provider in accordance with 
the principles of the present invention. Within architecture 100, requester 101, intermediary 
provider 4-02 103 , provider 104, and challenge service 102 can interoperate to implement the 
principles of the present invention. Requester 101, intermediary provider 4-02 103 , provider 104, 
and challenge service 102 can exchange electronic messages in any of a variety of protocols, 
such as, for example, Simple Object Access Protocol ("SOAP"). 

Please replace paragraph [0048] with the following amended paragraph: 
[0048] Figure 2 illustrates an example flowchart of a method for verifying one more measurable 
aspects of a module in accordance with the principles of the present invention. The method 200 
can be performed to verify that a module is appropriately configured for accessing a resource or 
issuing challenges to other modules. The method 200 will be described with respect to the 
modules and data in architectur e lOO.) architecture 100. The method 200 includes an act of 
providing an indication that one or more measurable aspects of another module's configuration 
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are to be verified. For example, intermediary provider 103 can cause challenge 143 to be issued 
to requester 101. As depicted in architecture 100, in response to request 141, intermediary 
provider 103 sends challenge request 142 to challenge service 102. Challenge service 102 
responds by issuing challenge 143. Challenge 143 can be a challenge to requester 101 to prove 
that requester 101 is appropriately configured to access resource 403- 113 . Alternately, 
intermediary provider 103 can issue a challenge directly to requester 101 or can send policy 
information to requester 101. 

Please replace paragraph [0050] with the following amended paragraph: 
[0050] In other embodiments, a requester accesses previously received policy information that 
indicates how the requester is to prove that the requester is appropriately configured to access a 
resource. Requester 101 can previously have received policy information indicating how to 
prove requester 101 is appropriately configured to access resource 113. Requester 101 can 
access the previously received policy information when requesting access to resource 113. It 
some embodiments, a request is for the identity of one or more portions of executable 
instructions and/or an execution environment at the requester 

Please replace paragraph [0053] with the following amended paragraph: 
[0053] The method 200 includes an act of receiving an assertion that can be used to verify that 
the other module is configured in accordance with the one or more measurable aspects (act 205). 
For example, intermediary provider 443- 103 can receive token 146 indicating that requester 101 
is configured in accordance with configuration 153. Alternately, and when appropriate, 
intermediary provider 103 can receive proof (e.g., proof 144) directly from requester 101 
provider 103. 

Please replace paragraph [0056] with the following amended paragraph: 
[0056] The method 200 includes an act of verifying the assertion (act 206). For example, 
intermediary provider 103 can verify token 146 or proof 144. When an assertion is verified (e.g., 
indicating that requester 101's configuration is appropriate), intermediary provider +4-3 103 can 
authorize requester 101 to access resource 113. 
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Please replace paragraph [0057] with the following amended paragraph: 
[0057] It may be that requester 101 has requested access to resource 114 and that resource 1 13 is 
a portion of a communication path between requester 101 and provider 104. Thus, intermediary 
provider 103 can request access to resource 114 (and thus functions as a requester) to establish 
the communication path between requester 101 and provider 104. Accordingly, further 
determination 407 147 can be performed between intermediary provider 103, provider 104, and 
tok e n challenge service 102, to determine that intermediary provid e provider 103 (and 
potentially also requester 101) is appropriately configured to access resource 114. Further 
determination 4-Q7 147 can be performed between intermediary provider 103, provider 104, and 
tok e n challenge service 102 in a manner similar to determining that requester 101 is 
appropriately configured to access resource 113. 

Please replace paragraph [0058] with the following amended paragraph: 
[0058] . That is, provider 104 can indicate one or more configurations that are appropriate for 
accessing resource 114. Intermediary provider 103 can provide proof, based on measurable 
aspects 443 123, that intermediary provider 103 includes at least one of the appropriate 
configurations. When appropriate, appropriately configured communication path 160 is 
established between requester 101 and provider 104 and requester 101 is authorized to access 
resource 114. 

Please replace paragraph [0059] with the following amended paragraph: 
[0059] Although architecture 100 depicts a provider challenging a requester, it would be 
apparent to one skilled in the art that architecture 100 can also facilitate a requester challenging a 
provider. Accordingly, it may be that a requester challenges a provider to provid e r provide 
verifiable proof that the provider is appropriately configured to issue challenges to the requester. 
For example, requester 101 can challenge intermediary provider 103 (and/or provider 104) to 
provider verifiable proof that intermediary provider 103 (and/or provider 104) is appropriately 
configured to issue challenges to requester 101. 
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Please replace paragraph [0062] with the following amended paragraph: 
[0062] In response to request/challenge 803, module 802 can send challenge/response 804 to 
module 801. Challenge/proof 804 an can include proof of a configuration (e.g., a manifest 
representing a configuration) that is appropriate for interacting with module 801 as well as a 
configuration challenge for module 801. In response to challenge/proof 804, module 801 can 
send proof 806 to module 802. Proof 806 can include proof of a configuration (e.g., a manifest 
representing a configuration) that is appropriate for accessing the resource of 802. In response to 
proof 806, module 802 can send issuance 807. Issuance 807 can include the requested resource 
or an indication that module 801 is appropriately configured to access the requested resource. 
Communication between modules in architecture 800 can be performed similarly to the 
communication between modules in architecture 100. 

Please replace paragraph [0063] with the following amended paragraph: 
[0063] Figure; 8B depicts a second example of an architecture 810 for performing a bi-directional 
challenge. Depicted in architecture 800 are modules 811 and 812. Module 811 sends 
request/challenge 813 to module 812. Request 813 can include a request to access a resource of 
module. In response to request 813, module 812 can send challenge 814 to module 811. 
Challenge 814 can include a configuration challenge for module 811. In response to challenge 
&©4 814 , module 811 can send proof/challenge 816 to module 812. Proof/challenge 816 can 
include proof of a configuration (e.g., a manifest representing a configuration) that is appropriate 
for accessing the resource of 812 along with a configuration challenge for module 812. 

Please replace paragraph [0064] with the following amended paragraph: 
[0064] In response to proof/challenge 816, module 812 can send proof/issuance 817. 
Proof/issuance 817 can include poof of a configuration (e.g., a manifest representing a 
configuration) that is appropriate for interacting with module 811 as well as the requested 
resource or an indication that module &Q1 811 is appropriately configured to access the requested 
resource. Communication between modules in architecture 810 can be performed similarly to 
the communication between modules in architecture 100. Other sequences of communication, in 
addition to those in Figures 8A and 8B, can also facilitate authorizing a requester to access a 
resource. 
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Please replace paragraph [0065] with the following amended paragraph: 
[0065] In some embodiments, a configuration challenge occurs along with machine and/or 
application authentication. Figure 3 illustrates an example of an architecture 300 that facilitates 
utilizing machine and/or application authentication along with a configuration challenge to 
determine that a requester is appropriately configured to access a resource of a provider. Within 
architecture 300, computing system 301 includes requesting instructions 31 l(a requester) and 
measurable aspects 321. Measurable aspects 321 generally represent measurable aspects of 
computing system 324- 301, such as, for example, identity values and execution environment 
values associated with requesting instructions 311. Computing system 302 includes providing 
application 312 and resource 322. Computer system 301 and 302 can communicate to facilitate 
requesting instructions 31 l's access to resource 322. 

Please replace paragraph [0071] with the following amended paragraph: 
[0071] The method 400 includes an act of receiving an assertion that can be used to verify that 
that the requesting instructions are appropriately configured for interacting with the providing 
application (act 408). For example, providing application 312 can receive configuration proof 
334 indicating that requesting instructions 311 are appropriately configured for accessing 
resource 322. Configuration proof 334 can include a signed digest or a token. In response to 
configuration proof 334, providing application 312 can return resource 322 to requesting 
instructions 311 and/or indicate that requesting instructions are appropriately configured to 
access resource 322. 

Please replace paragraph [0080] with the following amended paragraph: 
[0080] Alternately, resource 530 can forward the response to challenge service 510. Challenge 
service 510 can attempt to verify the response, for example, by comparing the response to 
answers for other versions of target 409 509 . For example, an assembly may have a plurality of 
different versions. Some of the versions may be more recent versions with a wider installation 
base. However, even older versions of the assembly may be appropriate for accessing resource 
530. Yet, since these older versions do not have widespread use challenge service may not pre- 
compute an answer for these older versions. Thus, when receiving a response that is not an 
answer, resource 530 can forward the response so that these older versions can be checked. If, 
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upon validation, the response indicates a correct answer, requester 520 can be given a token for 
accessing resource 530 (even when the response was not a pre-computed answer). 
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AMENDMENTS TO THE DRAWINGS 

The attached sheet of drawings includes changes to Figure 5. This sheet, which includes 
Figure 5, replaces the original sheet including Fig. 5. 



Attachment: Replacement Sheet 

Annotated Sheet Showing Changes 
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